Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nucleiProjectDiscoveryNUCLEI:CVE-2020-11450
HistoryOct 07, 2022 - 3:51 a.m.

MicroStrategy Web 10.4 - Information Disclosure

2022-10-0703:51:24
ProjectDiscovery
github.com
10

7.5 High

AI Score

Confidence

High

0.666 Medium

EPSS

Percentile

97.9%

JSON
MicroStrategy Web 10.4 is susceptible to information disclosure. The JVM configuration, CPU architecture, installation folder, and other information are exposed through /MicroStrategyWS/happyaxis.jsp. An attacker can use this vulnerability to learn more about the application environment and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations.

id: CVE-2020-11450

info:
  name: MicroStrategy Web 10.4 - Information Disclosure
  author: tess
  severity: high
  description: |
    MicroStrategy Web 10.4 is susceptible to information disclosure. The JVM configuration, CPU architecture, installation folder, and other information are exposed through /MicroStrategyWS/happyaxis.jsp. An attacker can use this vulnerability to learn more about the application environment and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
  impact: |
    An attacker can exploit this vulnerability to gain sensitive information.
  remediation: Mitigated in all versions 11.0 and higher.
  reference:
    - http://packetstormsecurity.com/files/157068/MicroStrategy-Intelligence-Server-And-Web-10.4-XSS-Disclosure-SSRF-Code-Execution.html
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11450
    - https://www.redtimmy.com/web-application-hacking/another-ssrf-another-rce-the-microstrategy-case/
    - https://nvd.nist.gov/vuln/detail/cve-2020-11450
    - http://seclists.org/fulldisclosure/2020/Apr/1
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2020-11450
    epss-score: 0.59818
    epss-percentile: 0.9769
    cpe: cpe:2.3:a:microstrategy:microstrategy_web:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: microstrategy
    product: microstrategy_web
  tags: cve2020,cve,packetstorm,seclists,microstrategy,exposure,jvm,config,xss

http:
  - method: GET
    path:
      - '{{BaseURL}}/MicroStrategyWS/happyaxis.jsp'

    redirects: true
    max-redirects: 2

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'Axis2 Happiness Page'
          - 'Examining webapp configuration'
          - 'Essential Components'
        condition: and

      - type: status
        status:
          - 200
# digest: 490a0046304402207f02ce103c843033fcd0dd39bee5dad70ceb9e191712097646564dc114484d7902202c6318b8db1435ad9b63f45973a1f98d6968ebfdd30a61f06e77574baba5584e:922c64590222798bb761d5b6d8e72950

Related

cve 1
prion 1
cvelist 1
openvas 3
packetstorm 1
zdt 1
cve
cve
CVE-2020-11450
2020-04-02 15:15:00
prion
prion
Design/Logic Flaw
2020-04-02 15:15:00
cvelist
cvelist
CVE-2020-11450
2020-04-02 15:01:45
openvas
openvas
Apache Axis Detection (HTTP)
2016-04-06 00:00:00
Apache Axis2 Detection (HTTP)
2010-09-20 00:00:00
Directory Scanner
2005-11-03 00:00:00
packetstorm
packetstorm
MicroStrategy Intelligence Server And Web 10.4 XSS / Disclosure / SSRF / Code Execution
2020-04-02 00:00:00
zdt
zdt
MicroStrategy Intelligence Server And Web 10.4 XSS / Disclosure / SSRF / Code Execution Vulnerabilit
2020-04-03 00:00:00

7.5 High

AI Score

Confidence

High

0.666 Medium

EPSS

Percentile

97.9%

JSON
Related for NUCLEI:CVE-2020-11450
cve1prion1cvelist1openvas3packetstorm1zdt1